Users Guide

Table Of Contents
339 | 802.1X Authentication Dell Networking W-Series ArubaOS 6.4.x| User Guide
n guest
n system administrators
The examples show how to configure using the WebUI and CLI commands.
Configuring Authentication with an 802.1X RADIUS Server
l An EAP-compliant RADIUS server provides the 802.1X authentication. The RADIUS server administrator
must configure the server to support this authentication. The administrator must also configure the server
to all communications with the Dell controller.
l The authentication type is WPA. From the 802.1X authentication exchange, the client and the controller
derive dynamic keys to encrypt data transmitted on the wireless network.
l 802.1x authentication based on PEAP with MS-CHAPv2 provides both computer and user authentication. If
a user attempts to log in without the computer being authenticated first, the user is placed into a more
limited guest” user role.
Windows domain credentials are used for computer authentication, and the user’s Windows login and
password are used for user authentication. A single user sign-on facilitates both authentication to the
wireless network and access to the Windows server resources.
802.1X Configuration for IAS and Windows Clients on page 1153 describes how to configure the Microsoft Internet
Authentication Server and Windows XP wireless client to operate with the controller configuration shown in this
section.
Configuring Roles and Policies
You can create the following policies and user roles for:
l Student
l Faculty
l Guest
l Sysadmin
l Computer
Creating the Student Role and Policy
The student policy prevents students from using telnet, POP3, FTP, SMTP, SNMP, or SSH to the wired portion
of the network. The student policy is mapped to the student user role.
In the WebUI
1. Navigate to the Configuration > Security > Access Control > Policies page. Select Add to add the
student policy.
2. For Policy Name, enter student.
3. For Policy Type, select IPv4 Session.
4. Under Rules, select Add to add rules for the policy.
a. Under Source, select user.
b. Under Destination, select alias.
The following step defines an alias representing all internal network addresses. Once defined,
you can use the alias for other rules and policies.
c. Under the alias selection, click New. For Destination Name, enter Internal Network. Click Add to add a
rule. For Rule Type, select network. For IP Address, enter 10.0.0.0. For Network Mask/Range, enter